Date: Wed, 17 Aug 2005 14:19:06 -0700
From: Brian <bri@sonicboom.org>
To: Daniel Hartmeier <daniel@benzedrine.cx>
Cc: freebsd-pf@freebsd.org
Subject: Re: Fwd: Fwd: Dual-feed: PF setup troubles
Message-ID: <4303A9CA.9080808@sonicboom.org>
In-Reply-To: <20050815162733.GC32151@insomnia.benzedrine.cx>
References: <D5972F49810A69449A9EA72A4B360DC238712A@e1.universe.dart.spb> <48239d390508150840481420ec@mail.gmail.com> <20050815154334.GB32151@insomnia.benzedrine.cx> <48239d3905081509062c585a17@mail.gmail.com> <20050815162733.GC32151@insomnia.benzedrine.cx>

Daniel Hartmeier wrote:

>On Mon, Aug 15, 2005 at 08:06:03PM +0400, Sergey Lapin wrote:
>
>>And as for other bugs - return to wrong place and NAT from wrong interface?
>>#2 is serious
>>http://www.mail-archive.com/freebsd-pf@freebsd.org/msg00421.html
>
>Repeat it on 6.0RC and provide the smallest ruleset that reproduces it
>completely. The order of how translation rules are evaluated with
>routing rules has changed several times, 6.0RC contains the newest code.
>
>Note that translation rules (like NAT) are executed before route-to is,
>i.e. if you let outgoing packets first go out the default interface, any
>NAT rule on that interface is performed, _before_ the packet is then
>re-routed to the non-default interface. Using route-to on the internal
>interface makes this a non-issue, but you met the bug when trying that.
>Assuming that bug is fixed, it will probably be the simplest approach,
>and work.
>
>If you do want to use route-to on the outgoing default interface,
>however, you can try restricting the nat rules to appropriately tagged
>packets, like
>
>  nat on ... from ... to ... tagged TAG -> ...
>
>so they only apply for packets that are not (later) re-routed.
>
>Daniel
>_______________________________________________
>freebsd-pf@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"

RC? Coulda sworn we were only at beta2 publicly..

Brian
